The blackhats have created a new strain of malware that targets the same vulnerability as the WannaCry ransomware from the first week of May. The Malware is called as EternalRocks, which uses the same flaw in Microsoft’s SMB networking protocol to infect other Windows systems that haven’t yet been patched with MS17-010. However, this new […]

Read More →

Apple fixed 141 vulnerabilities across multiple products including macOS Sierra, iOS, watchOS, tvOS, iCloud, Safari, and iTunes. Most of the vulnerabilities exist in some instances with root privileges (41 in iOS 41, 37 in macOS Sierra, 23 in tvOS and 12 in watchOS) and could lead to arbitrary code execution. Apple also fixed 26 vulnerabilities in Safari browser, which could lead to […]

Read More →

In the last few days, we saw how “WannaCry” ransomware crippled 3 million Windows systems around 150 countries. To understand the technical details on “WannaCry”, read our previous blog. Source: securelist.comHow to protect against “WannaCry”: There are two methods, 1. Solution: Fix the vulnerability by applying patch mentioned in MS17-010 (Recommended) 2. Workaround: Disable SMBv1 Read “Protecting Against […]

Read More →

WannaCry (also known as Wana Decrypt0r 2.0, Wannacryptor, WannaCrypt, wana Decryptor) ransomware disrupts 2-3 millions of devices around 150 countries, taking important files as a hostage and demanding a ransom of $600 worth of bitcoins. The ransomware is found to be using the old SMB vulnerability (MS17-010 released in April 2017) to spread across devices. There was no second doubt […]

Read More →

Strbleed is a critical flaw in the implementation of Simple Network Management Protocol (SNMP). It leads to access-control bypass, possibly involving an ISP customization in some cases. The authentication bypass vulnerability affects several IoT devices, which can be exploited by attackers by sending random values in specific requests. The vulnerability is tracked as CVE 2017-5135. SNMP […]

Read More →

The Magic Button There is a magic button that is going to save us all. Mathematical modeling, sandboxing, behavioral analysis, machine learning, EDR, what not button. Just click it. Patching vulnerability is gone thing, who is going to sit and roll out those tedious little things. I have invested in magic button. Why should we […]

Read More →